Home » Viren, Trojaner & Malware Forum » Winfixer 2005 Malware ? » Themenansicht

Firefox Tipp: Instantfox - Quick Search Add-On!

Seite(n): 1

Antworten

Winfixer 2005 Malware ?

02.01.2006, 00:05

FHA

Member

Beiträge: 11

#1 Hallo !

wer kann helfen dieses äußerst hartnäckige Ding loszuwerden ( die Anleitungen in den anderen Foren brachten leider keine Ergebnisse).
DANKE

Mein log sieht wie folgt aus

Logfile of HijackThis v1.99.1
Scan saved at 23:46:12, on 01.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
d:\Norman\NPF\NPFSVICE.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\mHotkey.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Java\jre1.5.0_02\bin\jusched.exe
D:\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\Downloaded Program Files\UWFX5U_0001_N56M1711NetInstaller.exe
D:\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Dokumente und Einstellungen\Harzheim\Eigene Dateien\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.de/nwshp?hl=de&tab=wn&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.de/nwshp?hl=de&tab=wn&q=
F3 - REG:win.ini: load=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-781cd0e19f00} - c:\programme\steganos internet anonym pro 7\siapro7iep.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [AWMON] "D:\F-Secure Anti-Virus\Anti-Spyware\Ad-Monitor.exe"
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Programme\Excid.com Aps\eTrust Antivirus Registration\EzAntivirusRegistrationCheck.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [PSDrvCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] "D:\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NI.UWFX5U_0001_N56M1711] "C:\WINDOWS\Downloaded Program Files\UWFX5U_0001_N56M1711NetInstaller.exe" -nag
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - Startup: Quicken 2003 Zahlungserinnerung.lnk = D:\Quicken2003\billmind.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = D:\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120498919984
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134064727843
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://82.151.42.188:89//activex/AMC.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.de/scan/Msie/bitdefender.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://cm4all01.kundenserver.de/app/static/activex/msxml4.cab
O23 - Service: AntiVir Service (AntiVirService) - Unknown owner - C:\Programme\AVPersonal\AVGUARD.EXE (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - Unknown owner - C:\Programme\AVPersonal\AVWUPSRV.EXE (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - D:\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Norman Type-R - Unknown owner - d:\Norman\NPF\NPFSVICE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

03.01.2006, 22:28

Katzenauge

...neu hier

Beiträge: 1

#2 Hallo Sabina,

schlage mich auch mit dem Win Fixer rum. Vielleicht kannst Du mir ja weiterhelfen:

Logfile of HijackThis v1.99.1
Scan saved at 22:09:21, on 03.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\SMC\SMC.exe
C:\Programme\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Programme\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Creative\SBLive\Diagnostics\diagent.exe
C:\Programme\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Programme\SurfAccuracy\SAcc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\SMC\EZ Connect Wireless USB\WlanMonitor.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Harald\LOKALE~1\Temp\Rar$EX00.016\HijackThis.exe
C:\Programme\Messenger\msmsgs.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.internetcologne.de
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
R3 - URLSearchHook: _URLHandler - {7FF23285-DBBC-49B6-818C-34AC459D5BB3} - C:\WINDOWS\system32\pidd.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Programme\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Programme\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Programme\YourSiteBar\ysb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SMC] C:\SMC\SMC.exe
O4 - HKLM\..\Run: [WinDSL MTU-Adjust] WinDSL_MTU.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programme\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Programme\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [diagent] C:\Programme\Creative\SBLive\Diagnostics\diagent.exe startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [eBayToolbar] C:\Programme\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: EZ Connect Wireless USB Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file://F:\data\Hidinmon.ocx
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file://F:\data\A9.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: bw+0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe

05.01.2006, 14:18

Sabina

Ehrenmitglied

Beiträge: 29434

#3 Katzenauge

öffne das HijackThis -- Button "scan" -- vor die Malware-Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten

R3 - URLSearchHook: _URLHandler - {7FF23285-DBBC-49B6-818C-34AC459D5BB3} - C:\WINDOWS\system32\pidd.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Programme\YourSiteBar\ysb.dll
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe

hat im autostart nichts verloren....

O18 - Protocol: bw+0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

PC neustarten
stelle den Cleaner genauso ein, wie hier angegeben:
http://virus-protect.org/cleanup.html

suchen/umbenennen in old
C:\WINDOWS\system32\pidd.dll

deinstallieren/loeschen
C:\Programme\SurfAccuracy
C:\Programme\YourSiteBar

Counterspy
http://virus-protect.org/counterspy.html
nach dem Scan muss man sich entscheiden für:
*Ignore
*Remove
*Quarantaine
wähle immer Remove und starte den PC neu
-----------------------------------------------------------
multiavtool
http://virus-protect.org/multiavtool.html
klicke "3" McAfee -- es erscheint ein leeres DOS-Fenster.
- man muss eingeben, was gescannt werden soll
- C:\Windows\System32 dann beginnt der Scan, man sollte dann auch scannen lassen:
- C:\Windows
- C:\
__________
MfG Sabina

rund um die PC-Sicherheit

05.01.2006, 23:18

shylocc

...neu hier

Beiträge: 2

#4 Hallo Sabina, meine Augen fallen zwar gleich zu, aber ich hoffe ich konnte bis zu diesem Schritt alles richtig machen.... hier nun mein note pad log was auch immer .-)

Logfile of HijackThis v1.99.1
Scan saved at 22:59:03, on 05.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Java\jre1.5.0_03\bin\jusched.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Save\Save.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\czRtM3Q\command.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\PROGRA~1\T-Online\T-ONLI~1\Notifier\Notifier.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\samet\Desktop\Yüksel\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - (no file)
O2 - BHO: ATLDistrib Object - {7A1A109F-58B3-414B-9829-5F4D9BE5FEDE} - C:\WINDOWS\System32\vtstt.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WhenUSave] "C:\Programme\Save\Save.exe"
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32n.CAB
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/webmasterexe/drsmartload114a.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135858405560
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135858394967
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/joysaver.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D629FADB-8820-47E1-A7BF-114EA32E22FD}: NameServer = 217.237.151.33 217.237.149.225
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\h6l20g3oe6.dll (file missing)
O20 - Winlogon Notify: vtstt - C:\WINDOWS\System32\vtstt.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\czRtM3Q\command.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINDOWS\system32\wincntrl.exe (file missing)

danke im voraus, hoffe ich weiß morgen noch, was ich eben gemacht hab...

gruß aus berlin & g-n8!

06.01.2006, 00:46

Sabina

Ehrenmitglied

Beiträge: 29434

#5 shylocc

viel Hoffnung mache ich dir nicht...der PC ist sehr verseucht....

stelle den Cleaner genauso ein, wie hier angegeben:
http://virus-protect.org/cleanup.html

kopiere hier die 4 Textdateien ( 3 monate vom Datum her genuegen)
http://virus-protect.org/datfindbat.html
__________
MfG Sabina

rund um die PC-Sicherheit

06.01.2006, 15:15

shylocc

...neu hier

Beiträge: 2

#6 sabina

danke fuer die schnelle antwort!

muss ich bei diesem hijack-this alles rot gefaerbte ankreuzen und auf
"fix checked" klicken?? soll das alles entfernt werden?

hier die vier textdateien..

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2468-F584

Verzeichnis von C:\WINDOWS\system32

06.01.2006 15:06 328.941 ttstv.ini2
06.01.2006 09:41 339.727 ttstv.bak2
06.01.2006 09:20 43.520 CmdLineExt03.dll
05.01.2006 22:40 0 lo2.txtt
05.01.2006 21:17 13.002 wpa.dbl
01.01.2006 22:31 8.464 sporder.dll
31.12.2005 14:22 3.534 jupdate-1.5.0_03-b07.log
30.12.2005 18:51 380.350 perfh009.dat
30.12.2005 18:51 52.764 perfc009.dat
30.12.2005 18:51 391.000 perfh007.dat
30.12.2005 18:51 63.580 perfc007.dat
30.12.2005 18:51 897.954 PerfStringBackup.INI
30.12.2005 18:47 92.680 FNTCACHE.DAT
29.12.2005 20:09 90 spupdwxp.log
29.12.2005 03:54 280.064 gdi32.dll
28.12.2005 19:42 143 mcrh.tmp
28.12.2005 03:13 12.980 wpa.bak
21.12.2005 11:40 328.659 ttstv.tmp
21.12.2005 11:40 328.608 ttstv.ini
10.12.2005 15:46 0 TFTP1636
09.12.2005 15:16 351.525 ttstv.bak1
09.12.2005 15:16 561.204 vtstt.dll
08.12.2005 16:25 2.723.680 MRT.exe
07.12.2005 18:05 716.800 divxdec.ax
07.12.2005 18:05 573.952 DivX.dll
07.12.2005 18:05 679.936 divx_xx07.dll
07.12.2005 18:05 679.936 divx_xx0c.dll
07.12.2005 18:05 663.552 divx_xx11.dll
05.12.2005 21:51 10.716 dsm_ja.qm
05.12.2005 21:51 15.331 dsm_de.qm
05.12.2005 21:51 15.172 dsm_fr.qm

05.12.2005 18:09 2.323.664 d3dx9_28.dll
05.12.2005 18:07 63.696 dxdllreg.exe
05.12.2005 18:07 61.136 xinput9_1_0.dll

05.12.2005 14:10 133.913 ntlc42.exe.vir
05.12.2005 14:08 154 log.~
05.12.2005 12:25 82 key.~
05.12.2005 12:25 2.118 data.~
05.12.2005 12:24 557.108 awtsr.dll
04.12.2005 19:49 687.592 atmtd.dll
04.12.2005 19:49 687.592 atmtd.dll._

04.12.2005 19:43 21.840 SIntfNT.dll
04.12.2005 19:43 17.212 SIntf32.dll
04.12.2005 19:43 12.067 SIntf16.dll
04.12.2005 19:36 236.032 wincntrl.exe.vir
04.12.2005 19:33 71 i
04.12.2005 19:17 90.624 uwhjjgm.exe
04.12.2005 19:15 147.225 tjpwqfuh.exe
04.12.2005 19:14 52.505 scvhost.exe.vir
04.12.2005 19:14 147.225 evjarn.exe
04.12.2005 19:14 90.624 dhyyo.exe
04.12.2005 18:57 0 TFTP3764
04.12.2005 18:52 25.941 NULL
04.12.2005 18:52 16.832 amcompat.tlb
04.12.2005 18:52 23.392 nscompat.tlb
04.12.2005 18:35 25.065 wmpscheme.xml
04.12.2005 18:31 324 $winnt$.inf
04.12.2005 18:28 2.951 CONFIG.NT
04.12.2005 18:26 488 WindowsLogon.manifest
04.12.2005 18:26 488 logonui.exe.manifest
04.12.2005 18:26 749 wuaucpl.cpl.manifest
04.12.2005 18:26 749 cdplayer.exe.manifest
04.12.2005 18:26 749 sapi.cpl.manifest
04.12.2005 18:26 749 nwc.cpl.manifest
04.12.2005 18:26 749 ncpa.cpl.manifest
04.12.2005 18:24 21.740 emptyregdb.dat
04.12.2005 18:19 0 h323log.txt
01.12.2005 04:31 1.492.480 shdocvw.dll
24.11.2005 00:58 3.013.632 mshtml.dll
24.11.2005 00:58 1.022.464 browseui.dll
23.11.2005 05:00 778.240 DivXsm.exe
23.11.2005 05:00 4.276 divxsm.tlb
05.11.2005 04:16 606.208 urlmon.dll
05.11.2005 04:16 1.056.256 danim.dll
02.11.2005 00:44 127.574 tsuninst.exe
27.10.2005 20:37 53.248 dpuGUI10.dll
27.10.2005 20:37 86.016 dpl100.dll
27.10.2005 20:37 593.920 dpuGUI11.dll
27.10.2005 20:37 200.704 dtu100.dll
27.10.2005 20:37 339.968 dpus11.dll
27.10.2005 20:37 57.344 dpv11.dll
27.10.2005 20:37 294.912 dpu10.dll
27.10.2005 20:37 294.912 dpu11.dll
21.10.2005 04:40 664.064 wininet.dll
21.10.2005 04:40 474.112 shlwapi.dll
21.10.2005 04:40 448.512 mshtmled.dll
21.10.2005 04:40 146.432 msrating.dll
21.10.2005 04:40 530.944 mstime.dll
21.10.2005 04:40 39.424 pngfilt.dll
21.10.2005 04:40 96.768 inseng.dll
21.10.2005 04:40 251.392 iepeers.dll

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2468-F584

Verzeichnis von C:\DOKUME~1\samet\LOKALE~1\Temp

06.01.2006 15:01 16.384 Perflib_Perfdata_9c0.dat
06.01.2006 15:00 16.384 ~DF43CD.tmp
06.01.2006 14:59 204 jusched.log
3 Datei(en) 32.972 Bytes
0 Verzeichnis(se), 33.607.585.792 Bytes frei

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2468-F584

Verzeichnis von C:\WINDOWS

06.01.2006 15:01 590 win.ini
06.01.2006 14:33 806.532 setupapi.log
06.01.2006 08:36 0 0.log
06.01.2006 08:35 904.636 WindowsUpdate.log
06.01.2006 08:35 2.048 bootstat.dat
06.01.2006 06:46 32.518 SchedLgU.Txt
06.01.2006 06:45 51.701 iis6.log
06.01.2006 06:45 73.114 ntdtcsetup.log
06.01.2006 06:45 121.426 comsetup.log
06.01.2006 06:45 17.100 ocmsn.log
06.01.2006 06:45 1.355 imsins.log
06.01.2006 06:45 132.386 tsoc.log
06.01.2006 06:45 11.054 KB912919.log
06.01.2006 06:45 166.460 ocgen.log
06.01.2006 06:45 17.118 msgsocm.log
06.01.2006 06:45 331.702 FaxSetup.log
06.01.2006 06:45 15.445 updspapi.log
05.01.2006 01:17 69 NeroDigital.ini
01.01.2006 22:35 182.272 NDNuninstall6_98.exe
01.01.2006 22:31 50.688 NDNuninstall6_38.exe
01.01.2006 00:58 214 wiadebug.log
31.12.2005 21:17 50 wiaservc.log
30.12.2005 19:56 1.393 imsins.BAK

29.12.2005 21:05 42.192 wmsetup.log
29.12.2005 20:14 33.735 spupdsvc.log
29.12.2005 20:13 360 DtcInstall.log
29.12.2005 20:12 316.640 WMSysPr9.prx
29.12.2005 20:11 1.510 OEWABLog.txt
29.12.2005 19:58 434.556 svcpack.log
29.12.2005 19:52 200 cmsetacl.log
29.12.2005 19:50 1.330 sessmgr.setup.log
29.12.2005 14:29 27.909 xpsp1hfm.log
29.12.2005 14:29 37.049 KB828741.log
29.12.2005 14:26 33.914 KB835732.log
29.12.2005 14:21 22.953 Q329834.log
29.12.2005 14:20 24.416 KB823559.log
29.12.2005 14:19 22.385 Q329048.log
29.12.2005 14:18 20.720 KB834707-IE6-20040929.115007.log
29.12.2005 14:17 15.021 Q810577.log
29.12.2005 14:14 11.849 Q810833.log
29.12.2005 14:12 9.105 Q811630.log
29.12.2005 14:06 7.691 Q329441.log
29.12.2005 14:04 7.489 Q817606.log
29.12.2005 14:03 4.633 Q329170.log
29.12.2005 14:01 2.750 Q329115.log
29.12.2005 14:00 2.173 Q329390.log
29.12.2005 14:00 1.424 Q323255.log
29.12.2005 13:45 7.050 KB842773.log
29.12.2005 13:44 175.936 setupact.log
28.12.2005 16:49 116.807 DirectX.log
26.12.2005 18:58 211 uno.ini
05.12.2005 16:15 41.216 timessquare.exe.vir
05.12.2005 12:25 32.768 unstall.exe
05.12.2005 12:25 188 iaPXSWOD.ini
05.12.2005 12:24 2 tempf.txt
04.12.2005 19:53 33.376 DIIUnin.dat
04.12.2005 19:48 38 drsmartload.dat
04.12.2005 19:46 0 timessquare1.dat
04.12.2005 19:12 2.829 DIIUnin.pif
04.12.2005 19:12 102.400 DIIUnin.exe
04.12.2005 18:33 8.192 REGLOCS.OLD
04.12.2005 18:31 311 setuperr.log
04.12.2005 18:28 0 control.ini
04.12.2005 18:28 299.552 WMSysPrx.prx
04.12.2005 18:27 4.161 ODBCINST.INI
04.12.2005 18:27 240 Windows Update.log
04.12.2005 18:26 749 WindowsShell.Manifest
04.12.2005 18:23 37 vbaddin.ini
04.12.2005 18:23 36 vb.ini
04.12.2005 18:16 0 Sti_Trace.log
04.12.2005 18:13 1.348 regopt.log
04.12.2005 18:13 231 system.ini
21.10.2005 02:24 69.632 MRJJ.EXE.vir
21.10.2005 02:24 81.920 IEMonitor.ocx

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2468-F584

Verzeichnis von C:\

06.01.2006 15:13 0 sys.txt
06.01.2006 15:11 7.384 system.txt
06.01.2006 15:08 403 systemtemp.txt
06.01.2006 15:06 91.482 system32.txt
06.01.2006 15:03 4.125 write.log
06.01.2006 15:02 262.918 preupd.log
06.01.2006 08:35 267.964.416 hiberfil.sys
06.01.2006 08:35 402.653.184 pagefile.sys
05.01.2006 22:52 53 direct.txt
29.12.2005 19:52 211 boot.ini
29.12.2005 19:27 47.564 NTDETECT.COM
29.12.2005 19:27 251.184 ntldr
05.12.2005 14:39 16.384 index1.exe.vir
05.12.2005 14:10 446 a.bmp
04.12.2005 18:52 597 TO_InstallLog.txt
04.12.2005 18:28 0 CONFIG.SYS
04.12.2005 18:28 0 AUTOEXEC.BAT
04.12.2005 18:28 0 MSDOS.SYS
04.12.2005 18:28 0 IO.SYS

lg grueße aus dem berliner wedding...

Dieser Beitrag wurde am 06.01.2006 um 15:28 Uhr von shylocc editiert.

06.01.2006, 15:54

Sabina

Ehrenmitglied

Beiträge: 29434

#7 es hat keinen Sinn...es ist besser, du formatierst..da ist zuviel an Backdoors, Viren und Spyware versammelt...
__________
MfG Sabina

rund um die PC-Sicherheit

07.01.2006, 13:23

Lapas

...neu hier

Beiträge: 2

#8 Kann mir jemand helfen ich hab Winfixer und Power scan.Ich kann das nicht löschen . Logfile of HijackThis v1.99.1
Scan saved at 13:21:22, on 07.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
D:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
D:\Programme\iPod\bin\iPodService.exe
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\GEMEIN~1\TerraTec\SCHEDU~1\TTTimer.exe
C:\Programme\ISTsvc\istsvc.exe
C:\Programme\AVPersonal\AVSCHED32.EXE
C:\Programme\SurfAccuracy\SAcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Gemeinsame Dateien\AOL\1134745239\ee\AOLHostManager.exe
C:\Programme\Gemeinsame Dateien\AOL\1134745239\ee\AOLServiceHost.exe
C:\Programme\Telekom\Eumex 504PC USB\Capictrl.exe
C:\Programme\FRITZ!DSL\StCenter.exe
C:\Programme\Ulead Systems\Ulead Photo Express 4.0 Meine Spezielle Edition\CalCheck.exe
C:\Programme\4.0M MPEG4 DV\Console\Watch.exe
c:\programme\gemeinsame dateien\aol\1134745239\ee\services\antiSpywareApp\ver2_0_13\AOLSP Scheduler.exe
C:\Programme\Gemeinsame Dateien\AOL\1134745239\ee\AOLServiceHost.exe
C:\Programme\Yahoo!\Messenger\ymsgr_tray.exe
C:\Programme\AOL 9.0\waol.exe
C:\Programme\AOL 9.0\shellmon.exe
C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\Jan Figler\Lokale Einstellungen\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nrg.co.il/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [routcnf] C:\Programme\Telekom\Eumex 504PC USB\routcnf.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [iTunesHelper] D:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [EumexInst] "G:\Setup.exe"
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [shell32] C:\WINDOWS\system32\wuauclt10.exe
O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\system32\smmss.exe
O4 - HKLM\..\Run: [Windows update] C:\WINDOWS\system32\wudupdate.exe
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P and now I post my Hijack log whining] C:\WINDOWS\system32\Need for Speed Most Wanted crack.exe
O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1134745239\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [TerraTec Scheduler] C:\PROGRA~1\GEMEIN~1\TerraTec\SCHEDU~1\TTTimer.exe
O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSCHED32.EXE /min
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O4 - Global Startup: CAPIControl.lnk = ?
O4 - Global Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Ulead Photo Express Calendar Checker für Meine Spezielle Edition.lnk = C:\Programme\Ulead Systems\Ulead Photo Express 4.0 Meine Spezielle Edition\CalCheck.exe
O4 - Global Startup: Watch.lnk = C:\Programme\4.0M MPEG4 DV\Console\Watch.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414YYDE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Programme\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programme\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programme\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programme\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programme\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Bridge - http://download.games.yahoo.com/games/clients/y/bt1_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.de/computercheckup/qdiagcc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F26748F-1D19-4465-AA09-48394A09F8E0}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Programme\iPod\bin\iPodService.exe

07.01.2006, 15:39

Sabina

Ehrenmitglied

Beiträge: 29434

#9 Lapas

wer so etwas laedt...ist selber schuld, wenn er sich den PC zerstoert....

Zitat

I downloaded pirated Software from P2P and now I post my Hijack log whining

öffne das HijackThis -- Button "scan" -- vor die Malware-Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten

O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)
O4 - HKLM\..\Run: [shell32] C:\WINDOWS\system32\wuauclt10.exe
O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\system32\smmss.exe
O4 - HKLM\..\Run: [Windows update] C:\WINDOWS\system32\wudupdate.exe
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P and now I post my Hijack log whining] C:\WINDOWS\system32\Need for Speed Most Wanted crack.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414YYDE

PC neustarten

KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html

Options: Delete on Reboot --> anhaken
reinkopieren:
...
und klicke auf das rote Kreuz, wenn gefragt wird, ob "Do you want to reboot? "---- klicke auf "no",und kopiere das nächste rein, erst beim letzten auf "yes"

C:\WINDOWS\system32\wuauclt10.exe
C:\WINDOWS\system32\wudupdate.exe
C:\WINDOWS\system32\smmss.exe
C:\WINDOWS\system32\Need for Speed Most Wanted crack.exe

PC neustarten

deinstallieren/loeschen
C:\Programme\SurfAccuracy
C:\Programme\ISTsvc

stelle den Cleaner genauso ein, wie hier angegeben:
http://virus-protect.org/cleanup.html

http://virus-protect.org/counterspy.html
nach dem Scan muss man sich entscheiden für:
*Ignore
*Remove
*Quarantaine
wähle immer Remove und starte den PC neu
-----------------------------------------------

ewido--> kopiere hier den scanreport
http://virus-protect.org/ewido.html
__________
MfG Sabina

rund um die PC-Sicherheit

07.01.2006, 21:08

Lapas

...neu hier

Beiträge: 2

#10 Sabina vielen Dank für Deine hilfe. Lapas

Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:

Seite(n): 1